Autonomic Cyber Security (ACS): A paradigm shift in cyber security

By Jesus Pacheco

Advances in mobile and pervasive computing, social network technologies and the exponential growth in Internet applications and services will lead to the development of the next generation of Internet services (Internet of Things, IoT) that are pervasive, ubiquitous, and touch all aspects of our life. The IoT services will be a key enabling technology to the development of smart cities that will revolutionize the way we do business, maintain our health, manage critical infrastructure, conduct education, and how we secure, protect, and entertain ourselves. The integration of physical and cyber systems as well as the human behaviors and interactions (e.g., producers, consumers, and attackers) will dramatically increase the vulnerability and the attack surface of interdependent infrastructure ecosystems. The most common architecture to monitor and control smart infrastructures such as Smart Homes and Smart Buildings, are Building Automation Systems (BAS) and Supervisory Control and Data Acquisition (SCADA) systems. As BAS and SCADA systems become interconnected with Internet resources and services, they become easy targets to cyber adversaries, especially since they were never designed to handle cyber threats. This makes control system data vulnerable to falsification attacks that lead to incorrect information delivery to users, causing them to take wrong and dangerous actions. It also allows adversaries to potentially execute malicious commands on control systems and remote devices, causing harmful actions. Therefore, it is critically important to secure and protect the IoT operations against cyber-attacks.

In this project, we introduce our IoT security framework for Smart Homes that consists of four layers (see figure): devices (end nodes), network, services, and application. Then we present a methodology to develop a general threat model in order to better recognize the vulnerabilities in each layer and the possible countermeasures that can be deployed to mitigate their exploitation. We developed an Anomaly Behavior Analysis Intrusion Detection System to detect anomalies that could be triggered by attacks against the sensors of the first layer (SI End Nodes). We have evaluated our approach by launching several cyberattacks (e.g. Sensor Impersonation, Replay, and Flooding attacks) against our Smart Home testbed created at the University of Arizona Center for Cloud and Autonomic Computing. The results show that our IoT security framework can be used to develop security mechanisms to protect the normal operations of each layer. Moreover, our approach can detect known and unknown attacks for IoT end nodes, with high detection rate and low false alarms.